yuzu-mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-mirror/mbedtls.git synced 2025-12-06 07:12:32 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity
23992 commits 89 branches 205 tags 114 MiB
Commit graph

8411 commits

Author SHA1 Message Date
Gilles Peskine 7d3186d18a Disable MBEDTLS_SSL_RENEGOTIATION in tls13-only configuration 
There's no renegotiation in TLS 1.3, so this option should have no effect.
Insist on having it disabled, to avoid the risk of accidentally having
different behavior in TLS 1.3 if the option is enabled (as happened in
https://github.com/Mbed-TLS/mbedtls/issues/6200).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-03-01 19:47:23 +01:00
Dave Rodgman f4385faa6f
Merge pull request #7188 from paul-elliott-arm/interruptible_sign_hash_complete_after_start_fail 
Interruptible {sign|verify} hash - Call complete() after start() failure.
 2023-03-01 17:18:08 +00:00
Paul Elliott 42585f678b
Merge pull request #7176 from paul-elliott-arm/interruptible_sign_hash_verify_test_improvements 
Interruptible {sign|verify} hash verification test improvements
 2023-03-01 15:00:45 +00:00
Paul Elliott ebf2e38662
Merge pull request #7177 from paul-elliott-arm/interruptible_sign_hash_improve_num_ops_testing 
Interruptible sign hash improve num ops testing
 2023-03-01 14:59:44 +00:00
Paul Elliott de7c31e082 Improve comment wording 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2023-03-01 14:43:52 +00:00
Przemek Stekiel f5dcb8886a Rework pake input getters tests 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-03-01 12:28:21 +01:00
Gilles Peskine 1eae11565d
Merge pull request #6949 from bensze01/replace_pkcs7_fuzzer_tests 
Replace fuzzer-generated PKCS #7 memory management tests
 2023-03-01 10:46:22 +01:00
Pengyu Lv c6298ad46a Use parentheses to avoid executing the output 
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-03-01 10:31:29 +08:00
Pengyu Lv c2b1864ceb Revert "Check if the license server is available for armcc" 
This reverts commit 55c4fa4f41.

After discussion, We decided not to check the availability
of the license server for the impacts on CI and user usages.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-03-01 10:25:08 +08:00
Paul Elliott 7c17308253 Add num_ops tests to sign and verify interruptible hash 
This is the only test usable for non-deterministic ECDSA, thus needs this
code path testing as well.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2023-02-28 17:23:29 +00:00
Paul Elliott 8359c14c14 Add hash corruption test to interruptible verify test 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2023-02-28 17:23:29 +00:00
Paul Elliott c1e0400bac Add test to check not calling get_num_ops() 
Make sure that not calling get_num_ops() inbetweeen calls to complete() does
not mean that ops get lost (Regression test for previous fix).

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2023-02-28 17:20:14 +00:00
Paul Elliott 9e8819f356 Move 'change max_ops' test into ops tests 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2023-02-28 17:20:14 +00:00
Paul Elliott 5770224ef3 Rename max ops tests to ops tests 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2023-02-28 17:20:14 +00:00
Gilles Peskine 7e677fa2c5
Merge pull request #6389 from gilles-peskine-arm/ecdsa-use-psa-without-pkwrite 
Remove pkwrite dependency in pk using PSA for ECDSA
 2023-02-28 18:17:16 +01:00
Gilles Peskine b52b788e55
Merge pull request #6895 from yuhaoth/pr/add-aes-with-armv8-crypto-extension 
Add AES with armv8 crypto extension
 2023-02-28 18:16:37 +01:00
Paul Elliott 587e780812 Test calling complete() after {sign|verify}_hash_start fails 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2023-02-28 17:13:39 +00:00
Gilles Peskine e4616830b3
Merge pull request #7137 from lpy4105/issue/1785/ssl-test-script-fail 
compat.sh: Skip static ECDH cases if unsupported in openssl
 2023-02-28 18:11:39 +01:00
Dave Rodgman 17152df58d
Merge pull request #7175 from paul-elliott-arm/interruptible_sign_hash_test_comments 
Interruptible sign hash test comments
 2023-02-28 17:09:43 +00:00
Gilles Peskine ebb63420cc
Merge pull request #7124 from oberon-microsystems/fix-test-output-length-on-success-only 
Fix test to check output length on PSA_SUCCESS only
 2023-02-28 18:09:33 +01:00
Bence Szépkúti 35d674a6ee Replace usage of echo -e in pkcs7 data Makefile 
This use of the shell builtin is not portable.

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
 2023-02-28 17:01:21 +01:00
Dave Rodgman ffb4dc38c8
Merge pull request #7183 from paul-elliott-arm/interruptible_sign_hash_test_max_ops_0 
Interruptible {sign|verify} hash : Change max_ops=min tests to use a value of zero.
 2023-02-28 15:56:01 +00:00
Bence Szépkúti 4a2fff6369 Fix expected error code 
This was overlooked during the rebase.

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
 2023-02-28 16:40:27 +01:00
Gabor Mezei 804cfd32ea
Follow the naming convention 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2023-02-27 16:50:09 +01:00
Paul Elliott ac2251dad1
Merge pull request #7076 from mprse/parse_RFC822_name 
Add parsing of x509 RFC822 name + test
 2023-02-27 14:16:13 +00:00
Paul Elliott cd7e8bce03 Change max_ops=min tests to use zero 
Zero is the minimum value defined by the spec, just because the internal
implementation treats zero and one as the same thing does not mean that other
implementations will also do so.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2023-02-27 12:21:36 +00:00
Stephan Koch 5819d2c141 Feedback from Arm: guarantee that output_length <= output_size even on error, to reduce the risk that a missing error check 
escalates into a buffer overflow in the application code

Signed-off-by: Stephan Koch <koch@oberon.ch>
 2023-02-27 11:49:13 +01:00
oberon-sk 10c0f770ce asymmetric_encrypt: check output length only if return code is PSA_SUCCESS. 
Signed-off-by: Stephan Koch <koch@oberon.ch>
 2023-02-27 11:48:51 +01:00
Paul Elliott c2033502f5 Give edge case tests a better name 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2023-02-26 18:47:58 +00:00
Paul Elliott c7f6882995 Add comments to each test case to show intent 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2023-02-26 18:47:58 +00:00
Dave Rodgman 21dfce7a5c Add tests 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-02-25 17:10:38 +00:00
Dave Rodgman a4e8fb0041 Add tests 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-02-24 15:57:30 +00:00
Bence Szépkúti 248971348b Replace fuzzer-generated PKCS7 regression tests 
This commit adds well-formed reproducers for the memory management
issues fixed in the following commits:

290f01b3f5
e7f8c616d0
f7641544ea

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
 2023-02-24 15:31:03 +01:00
Pengyu Lv 55c4fa4f41 Check if the license server is available for armcc 
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-02-24 18:31:50 +08:00
Przemek Stekiel 6f2d1f419a Further pake tests optimizations 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-02-24 10:22:47 +01:00
Pengyu Lv df07003c49 all.sh: add support function for build_armcc 
With this change, "--list-components" will not list
"build_armcc" on the system which is not installed
with Arm Compilers.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-02-24 16:03:31 +08:00
Pengyu Lv 51b5f00a43 all.sh: Skip build_mingw correctly 
If i686-w64-mingw32-gcc is not installed, then
build_mingw should be unsupported.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-02-24 15:38:52 +08:00
Manuel Pégourié-Gonnard 623c73b46d Remove config.py call on now-internal option 
It turns out config.py wouldn't complain, but it's still confusing.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-02-23 20:36:05 +01:00
Przemek Stekiel 083745e097 Fix code style 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-02-23 17:28:23 +01:00
Gilles Peskine df6e84a447 Test the PSA alternative header configuration macros 
Test that MBEDTLS_PSA_CRYPTO_PLATFORM_FILE and
MBEDTLS_PSA_CRYPTO_STRUCT_FILE can be set to files in a directory that comes
after the standard directory in the include file search path.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-02-23 17:18:33 +01:00
Przemek Stekiel bdc21e623e Disable MBEDTLS_PSA_CRYPTO_SE_C is ecdsa psa builds 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-02-23 17:12:19 +01:00
Valerio Setti 1af76d119d ssl-opt: automatically detect requirements from the specified certificates 
This moslty focus on tests using "server5*" cerificate. Several cases
are taken into account depending on:
- TLS version (1.2 or 1.3)
- server or client roles

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-02-23 16:55:59 +01:00
Valerio Setti 3f2309fea6 ssl-opt: remove redundant requires_config_enabled when force_ciphersuite is set 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-02-23 13:47:30 +01:00
Manuel Pégourié-Gonnard 0d4152186d Make MBEDTLS_MD_LIGHT private for now. 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-02-23 13:02:13 +01:00
Valerio Setti d1f991c879 ssl-opt: fix required configs in ECDSA related tests 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-02-23 09:31:41 +01:00
Pengyu Lv 9e7bb2a92c Update some comments 
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-02-23 16:03:56 +08:00
Przemek Stekiel d59d2a4dee Optimize pake tests 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-02-23 07:30:40 +01:00
Janos Follath 406b9172ad
Merge pull request #7044 from minosgalanakis/bignum/6342_add_named_moduli_setup 
Bignum: Add named moduli setup
 2023-02-22 12:14:33 +00:00
Valerio Setti 6445912d9c test: enable ssl-opt in test_psa_crypto_config_[accel/reference]_ecdsa_use_psa 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-02-22 12:35:16 +01:00
Przemek Stekiel 51a677bb30 Remove support for pake opaque driver 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-02-22 11:30:32 +01:00
Przemek Stekiel 80a8849903 Adapt conditional compilation flags for jpake alg 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-02-22 11:30:32 +01:00
Przemek Stekiel 6b64862ef7 Documentation fixes and code adaptation 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-02-22 11:30:32 +01:00
Przemek Stekiel 251e86ae3f Adapt names to more suitable and fix conditional compilation flags 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-02-22 11:30:32 +01:00
Przemek Stekiel b45b8ce474 Disable MBEDTLS_PSA_CRYPTO_SE_C is hash psa builds 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-02-22 11:30:32 +01:00
Przemek Stekiel 3e784d8981 PSA crypto pake: call abort on each failure 
Adapt driver hook counters in pake driver test.

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-02-22 11:30:32 +01:00
Przemek Stekiel a48cf500d7 mbedtls_test_transparent_pake_abort: call driver/build-in impl even when status is forced 
This is done to solve the problem with memory leak when pake abort status is forced. In this case the driver/build-in abort function was not executed.
After failure core clears the operation object and no successive abort call is possible.

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-02-22 11:30:32 +01:00
Przemek Stekiel f62b3bb087 Optimization of pake core functions 
Adapt pake test (passing NULL buffers is not allowed).
Passing the null buffer to psa_pake_output results in a hard fault.

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-02-22 11:30:32 +01:00
Przemek Stekiel 9dd2440c95 Change pake input: key_lifetime -> key attributes 
In the future key attributes will be available for opaque driver via psa_crypto_driver_pake_get_password_key().

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-02-22 11:30:32 +01:00
Przemek Stekiel dde6a910bb Optimize out psa_pake_computation_stage_t 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-02-22 11:30:32 +01:00
Przemek Stekiel ca8d2b2589 Add get-data functions for inputs + tests 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-02-22 11:30:32 +01:00
Przemek Stekiel 7b730175b3 Simplify psa_pake_computation_stage_s structure 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-02-22 11:30:32 +01:00
Przemek Stekiel b09c487546 Combine core pake computation stage(step,sequence,state) into single driver step 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-02-22 11:30:31 +01:00
Przemek Stekiel 9a5b812aa8 Cleanup the code 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-02-22 11:30:31 +01:00
Przemek Stekiel fcd70e250f Adapt pake driver wrapper tests for the new design 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-02-22 11:30:31 +01:00
Przemek Stekiel e12ed36a6c Move JPAKE state machine logic from driver to core 
- Add `alg` and `computation_stage` to `psa_pake_operation_s`.
  Now when logic is moved to core information about `alg` is required.
  `computation_stage` is a structure that provides a union of computation stages for pake algorithms.
- Move the jpake operation logic from driver to core. This requires changing driver entry points for `psa_pake_output`/`psa_pake_input` functions and adding a `computation_stage` parameter. I'm not sure if this solution is correct. Now the driver can check the current computation stage and perform some action. For jpake drivers `step` parameter is now not used, but I think it needs to stay as it might be needed for other pake algorithms.
- Removed test that seems to be redundant as we can't be sure that operation is aborted after failure.

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-02-22 11:30:31 +01:00
Przemek Stekiel 3f9dbac83f Adapt ake driver tests to the new design 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-02-22 11:30:31 +01:00
Przemek Stekiel 95629ab4ae Add forced status for pake setup 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-02-22 11:30:31 +01:00
Przemek Stekiel c6b954686b Adapt test_suite_psa_crypto_pake test for the new design 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-02-22 11:30:31 +01:00
Przemek Stekiel 51eac53b93 Divide pake operation into two phases collecting inputs and computation. 
Functions that only set inputs do not have driver entry points.

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-02-22 11:25:30 +01:00
Przemek Stekiel 0c78180ee5 mbedtls_psa_pake_get_implicit_key: move psa_key_derivation_input_bytes call to upper layer 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-02-22 11:25:30 +01:00
Przemek Stekiel 7658a0768b Add pake driver wrapper tests 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-02-22 11:25:30 +01:00
Przemek Stekiel 061a016c65 Add ALG_TLS12_PRF, TLS12_PSK_TO_MS, LG_TLS12_ECJPAKE_TO_PMS support to test driver extensions 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-02-22 11:25:30 +01:00
Przemek Stekiel 6a9785f061 Add pake.h to test driver header 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-02-22 11:25:30 +01:00
Przemek Stekiel 03790029a6 Add test components to test accelerated pake and fallback 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-02-22 11:25:30 +01:00
Przemek Stekiel d3da040f34 Add test driver impl for pake 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-02-22 11:25:30 +01:00
Pengyu Lv 07d5085fcf Skip ECDH ciphersuites for O->m pair 
The mechanism of detecting unsupported ciphersuites
for OpenSSL client doesn't work on a modern OpenSSL.
At least, it fails on Travis CI which is installed
with OpenSSL 1.1.1f. So we need to skip ECDH cipher-
suites for O->m.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-02-22 12:18:48 +08:00
Pengyu Lv a64c277588 compat.sh: Skip all *ECDH_* ciphersuites 
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-02-22 10:19:40 +08:00
Gilles Peskine ffb92b0789
Merge pull request #7105 from davidhorstmann-arm/fix-oid-printing-bug 
Fix bugs in OID to string conversion
 2023-02-21 23:16:44 +01:00
Paul Elliott 48c591cb56 Fix warning with GCC 12 
Fix warning about variable being used uninitialised.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2023-02-21 16:31:56 +00:00
Gilles Peskine 250a5ac4cb
Merge pull request #7095 from paul-elliott-arm/interruptible_sign_hash_codestyle 
Implement PSA interruptible sign/verify hash
 2023-02-21 15:13:34 +01:00
Manuel Pégourié-Gonnard d1c001aff7 Fix some dependencies in test_suite_psa_crypto 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-02-21 13:37:17 +01:00
Przemek Stekiel a006f8c17b Adapt dependencies for parsing rfc822Name test 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-02-21 13:36:56 +01:00
Manuel Pégourié-Gonnard e91bcf31b6 Add comparison of accel_ecdh_use_psa against ref 
With temporary exclusions to be lifted as follow-ups.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-02-21 13:07:19 +01:00
Dave Rodgman e42cedf256
Merge pull request #7077 from daverodgman/pkcs7-fixes-dm-rebased 
Pkcs7 fixes
 2023-02-21 11:53:30 +00:00
Manuel Pégourié-Gonnard 59a2b8fd57 Add component accel_ecdh_use_psa 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-02-21 12:42:31 +01:00
Manuel Pégourié-Gonnard e3095e7cb0 Add comments to accel_ecdh component 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-02-21 12:19:06 +01:00
Gabor Mezei f65a059a64
Add test generation for ecp_mod_p224_raw 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2023-02-21 11:40:27 +01:00
Gabor Mezei 66f88a9d22
Extract Secp224r1 from the prototype 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2023-02-21 11:32:29 +01:00
Pengyu Lv 5e780df3e3 Only use standard cipher name 
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-02-21 14:19:27 +08:00
David Horstmann a4fad2ba67 Correct error code in test_suite_x509parse.data 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-02-20 14:57:47 +00:00
Dave Rodgman 716163e824 Improve allocation bounds in testing 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-02-20 14:46:51 +00:00
David Horstmann 5b5a0b618c Change error codes to more appropriate codes 
The more precise error codes are borrowed from the ASN1 module.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-02-20 14:24:12 +00:00
Przemek Stekiel 5b9e4168cf Add rfc822Name support in mbedtls_x509_info_subject_alt_name + adapt test 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-02-20 15:09:50 +01:00
Przemek Stekiel 608e3efc47 Add test for parsing SAN: rfc822Name 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-02-20 15:09:50 +01:00
Minos Galanakis a30afe2216 ecp_curves: Minor refactoring. 
This patch introduces the following changes:
* Documentation for `mbedtls_ecp_modulus_setup()`
  moved to `ecp_invasive.h`.
* Added invalid modulus selector `MBEDTLS_ECP_MOD_NONE`.
* Adjusted negative tests to use invalid selectors.
* Reworded documentation.

Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2023-02-20 13:53:06 +00:00
Minos Galanakis 36f7c0e69b test_suite_ecp: Added .data for ecp_setup_test() 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2023-02-20 13:51:49 +00:00
Minos Galanakis 9a1d02d738 test_suite_ecp: Added test for mbedtls_ecp_modulus_setup() 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2023-02-20 13:51:48 +00:00
Janos Follath ec718afb41
Merge pull request #7051 from gabor-mezei-arm/6376_Secp521r1_fast_reduction 
Add a raw entry point to Secp521r1 fast reduction
 2023-02-20 13:03:12 +00:00
Manuel Pégourié-Gonnard 9e04b5bcfc Disable MD-light in accel_hash_use_psa 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-02-20 12:53:23 +01:00
Manuel Pégourié-Gonnard 718eb4f190
Merge pull request #7025 from AndrzejKurek/uri_san 
Add the uniformResourceIdentifier subtype for the subjectAltName
 2023-02-20 11:29:59 +01:00
Pengyu Lv 1c0e4c013a compat.sh: skip static ECDH cases if unsupported in openssl 
This commit add support to detect if openssl used for testing
supports static ECDH key exchange. Skip the ciphersutes if
openssl doesn't support them.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-02-20 18:05:21 +08:00
Paul Elliott f8e5b56ad8 Fix get_num_ops internal code. 
Previously calling get_num_ops more than once would have ended up with ops
getting double counted, and not calling inbetween completes would have ended up
with ops getting missed. Fix this by moving this to where the work is actually
done, and add tests for double calls to get_num_ops().

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2023-02-19 18:55:10 +00:00
oberon-sk 6d50173d9c Handle Edwards curves similar to Montgomery curves wrt key export length. 
Signed-off-by: Stephan Koch <koch@oberon.ch>
 2023-02-17 11:19:20 +01:00
Manuel Pégourié-Gonnard b9b630d628 Define "light" subset of MD 
See docs/architecture/psa-migration/md-cipher-dispatch.md

Regarding testing, the no_md component was never very useful, as that's
not something people are likely to want to do: it was mostly useful as
executable documentation of what depends on MD. It's going to be even
less useful when more and more modules auto-enable MD_LIGHT or even
MD_C. So, recycle it to test the build with only MD_LIGHT, which is
something that might happen in practice, and is necessary to ensure that
the division is consistent.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-02-16 22:30:06 +01:00
Manuel Pégourié-Gonnard ba2412fd21 Remove internal function md_process() 
It was already marked as internal use only, and no longer used
internally. Also, it won't work when we dispatch to PSA.

Remove it before the MD_LIGHT split to avoid a corner case: it's
technically a hashing function, no HMAC or extra metadata, but we still
don't want it in MD_LIGHT really.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-02-16 18:44:46 +01:00
Dave Rodgman d652dce9ea Add failing test case (invalid signature) for zero-length data 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-02-16 16:39:34 +00:00
Dave Rodgman c5874db5b0 Add test-case for signature over zero-length data 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-02-16 16:14:46 +00:00
Paul Elliott 0af1b5367b Remove some abbrevations from test descriptions. 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2023-02-16 12:15:39 +00:00
Paul Elliott 96b89b208a Add comment to indicate non-PSA spec assertion. 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2023-02-16 12:15:39 +00:00
Paul Elliott f1743e2440 Add verify call to max ops tests 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2023-02-16 12:15:39 +00:00
Paul Elliott c86d45e8a1 Remove spurious incorrect comment 
Comment originated from original version of this code, and the newer comment
which was added when it was pulled into a seperate function covers all cases.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2023-02-15 23:34:29 +00:00
Paul Elliott efebad0d67 Run extra complete in failure tests regardless. 
We do not need to expect to fail, running another complete in either sign or
verify after successful completion should also return BAD_STATE.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2023-02-15 23:34:29 +00:00
Paul Elliott 01885fa5e5 Fix include guards on auxiliary test function. 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2023-02-15 23:34:29 +00:00
Paul Elliott a4cb909fcd Add max ops tests 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2023-02-15 23:34:29 +00:00
Paul Elliott 76d671ad73 Split state tests into two functions 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2023-02-15 23:34:29 +00:00
Paul Elliott b830b35fb1 Shorten test descriptions. 
Also mark some tests as being deterministic ECDSA where this was lacking.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2023-02-15 23:34:29 +00:00
Paul Elliott 1243f93cca Fix build fails with non ECDSA / restartable builds 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2023-02-15 23:34:29 +00:00
Paul Elliott 6f60037589 Move {min|max}_complete choice logic into function 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2023-02-15 23:34:29 +00:00
Paul Elliott c9774411d4 Ensure that operation is put into error state if error occurs 
If an error occurs, calling any function on the same operation should return
PSA_ERROR_BAD_STATE, and we were not honouring that for all errors. Add extra
failure tests to try and ratify this.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2023-02-15 23:34:29 +00:00
Paul Elliott f9c91a7fb5 Store the hash, rather than the pointer 
For sign and verify, the pointer passed in to the hash is not guaranteed to
remain valid inbetween calls, thus we need to store the hash in the
operation. Added a test to ensure this is the case.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2023-02-15 23:34:29 +00:00
Paul Elliott 0e9d6bd3f8 Replace MBEDTLS_ECP_DP_SECP384R1_ENABLED 
With more appropriate PSA_WANT_ECC_SECP_R1_384

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2023-02-15 23:34:29 +00:00
Paul Elliott 813f9cdcbb Non ECDSA algorithms should return not supported 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2023-02-15 23:34:29 +00:00
Paul Elliott ab7c5c8550 Change incorrect define for MAX_OPS_UNLIMITED 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2023-02-15 23:34:29 +00:00
Paul Elliott cb23311bd0 Fix incorrect test dependencies part 2 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2023-02-15 23:34:29 +00:00
Paul Elliott c4e2be86ef Fix incorrect test dependancies 
Test for not having determnistic ECDSA was also being run when no ECDSA, and
this fails earlier. Fixed this and added a specific test for no ECDSA. Also
fixed (swapped) incorrect test descriptions.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2023-02-15 23:34:29 +00:00
Paul Elliott 62dfb95993 Fix broken negative test 
Test for unsupported deterministic ECDSA was originally passing due to
incorrect code, fixing the code unfortunately broke the test.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2023-02-15 23:34:29 +00:00
Paul Elliott 97ac7d9090 Calculate min/max completes rather than passing in to test 
Only 2 options were really possible anyway - complete in 1 op, or somewhere
between 2 and max ops. Anything else we cannot test due to implementation
specifics.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2023-02-15 23:34:29 +00:00
Paul Elliott 334d726d40 Ensure ops are tested on successful 'fail' tests 
Make sure the number of ops is tested in the interruptible failure tests,
should they get through the interruptible loop part.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2023-02-15 23:34:29 +00:00
Paul Elliott edfc883568 Change test loops over to do...while 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2023-02-15 23:34:29 +00:00
Paul Elliott 59ad9457b6 Add {sign/verify}_hash_abort_internal 
Ensure that num_ops is cleared when manual abort is called, but obviously not
when an operation just completes, and test this.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2023-02-15 23:34:29 +00:00
Paul Elliott 20a360679b Add State tests 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2023-02-15 23:34:29 +00:00
Paul Elliott 0c68335a42 Convert tests to configurable max_ops 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2023-02-15 23:34:29 +00:00
Paul Elliott 4cec2f60dc Add interruptible to psa_op_fail tests 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2023-02-15 23:34:29 +00:00
Paul Elliott 9100797cb3 Negative tests 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2023-02-15 23:34:29 +00:00
Paul Elliott 712d512007 Basic tests 
Sign Hash, Verify Hash and Sign and Verify Hash.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2023-02-15 23:34:29 +00:00
Gabor Mezei 555b1f7e44
Add check for test 
Check the bit length of the output of ecp_mod_p521_raw.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2023-02-15 18:19:09 +01:00
Gabor Mezei cf228706cd
Restrict input parameter size for ecp_mod_p521_raw 
The imput mpi parameter must have twice as many limbs as the modulus.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2023-02-15 18:19:08 +01:00
Gabor Mezei b62ad5d569
Rename function to follow naming convention 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2023-02-15 18:13:48 +01:00
Gabor Mezei d8f67b975b
Add test generation for ecp_mod_p521_raw 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2023-02-15 18:13:48 +01:00
Gilles Peskine e2a9f86755
Merge pull request #6971 from gabor-mezei-arm/6026_Secp192r1_fast_reduction 
Extract Secp192r1 fast reduction from the prototype
 2023-02-15 16:22:36 +01:00
David Horstmann 895eb7c9b5 Add testcases for overlong encoding of OIDs 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-02-15 12:09:41 +00:00
David Horstmann f01de145bd Add tests for mbedtls_oid_get_numeric_string() 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-02-15 11:45:51 +00:00
Andrzej Kurek 72082dc28e Improve tests/scripts/depends.py code 
As suggested by gilles-peskine-arm.

Co-authored-by: Gilles Peskine <gilles.peskine@arm.com>
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2023-02-15 05:20:33 -05:00
Gilles Peskine c5e2a4fe67
Merge pull request #6937 from valeriosetti/issue6886 
Add test for PK parsing of keys using compressed points
 2023-02-14 19:54:29 +01:00
Andrzej Kurek 570a0f808b Move to DER certificates for new x509 tests 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2023-02-14 05:52:49 -05:00
Dave Rodgman 319a5675db
Merge pull request #7084 from daverodgman/sizemax-uintmax 
Assume SIZE_MAX >= INT_MAX, UINT_MAX
 2023-02-14 10:06:22 +00:00
Andrzej Kurek 4077372b98 Fix SHA requirement for SAN URI tests 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2023-02-13 10:18:17 -05:00
Andrzej Kurek 7a05fab716 Added the uniformResourceIdentifier subtype for the subjectAltName. 
Co-authored-by: Hannes Tschofenig <hannes.tschofenig@arm.com>
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2023-02-13 10:03:07 -05:00
Valerio Setti 1b08d421a7 test: fix: replace CAN_ECDSA_SOME with CAN_ECDSA_SIGN+CAN_ECDSA_VERIFY when both are needed 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-02-13 15:35:37 +01:00
Valerio Setti 16f02e0196 test: adjust include after PK_CAN_ECDSA_SOME was moved 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-02-13 15:35:37 +01:00